ia64/xen-unstable

view tools/security/secpol_xml2bin.h @ 6946:e703abaf6e3d

Add behaviour to the remove methods to remove the transaction's path itself. This allows us to write Remove(path) to remove the specified path rather than having to slice the path ourselves.
author emellor@ewan
date Sun Sep 18 14:42:13 2005 +0100 (2005-09-18)
parents 3233e7ecfa9f
children 06d84bf87159
/****************************************************************
 * secpol_xml2bin.h
 *
 * Copyright (C) 2005 IBM Corporation
 *
 * Authors:
 * Reiner Sailer <sailer@watson.ibm.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 *
 */
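/*
 * File-name building blocks for the XML policy files and the files
 * generated from them.
 *
 * POLICY_SUBDIR is a relative path, so anything built from it resolves
 * against the working directory of the process.
 * NOTE(review): that includes the schema file below -- confirm that the
 * tool is only run from a directory whose policies/ contents are
 * trusted, or that the .c file anchors these paths.
 */
#define POLICY_SUBDIR               "policies/"
#define POLICY_EXTENSION            "-security_policy.xml"
#define LABEL_EXTENSION             "-security_label_template.xml"
#define BINARY_EXTENSION            ".bin"
#define MAPPING_EXTENSION           ".map"

/* XML attribute names and values looked up by the parser
 * (presumably on the label template; the use is not in this header) */
#define PRIMARY_COMPONENT_ATTR_NAME "order"
#define BOOTSTRAP_LABEL_ATTR_NAME   "bootstrap"
#define PRIMARY_COMPONENT           "PrimaryPolicyComponent"

/* XML schema file; built from POLICY_SUBDIR so the directory is spelled
 * once. Adjacent string literals are concatenated by the compiler, so
 * this still expands to "policies/security_policy.xsd". */
#define SCHEMA_FILENAME             POLICY_SUBDIR "security_policy.xsd"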
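/*
 * Basic parser states. Each value is a bit position (used as 1 << X),
 * and at the same time the index of the matching element name in
 * token[] below.
 *
 * The highest position is 17, so a mask combining these states needs at
 * least 18 bits.
 * NOTE(review): type_t below is only 16 bits wide -- confirm the parser
 * never keeps a state mask in a type_t.
 */
#define XML2BIN_SECPOL          0   /* policy tokens */
#define XML2BIN_STE             1
#define XML2BIN_CHWALL          2
#define XML2BIN_CONFLICTSETS    3
#define XML2BIN_CSTYPE          4

#define XML2BIN_SECTEMPLATE     5   /* label tokens */
#define XML2BIN_POLICYHEADER    6
#define XML2BIN_LABELHEADER     7
#define XML2BIN_SUBJECTS        8
#define XML2BIN_OBJECTS         9
#define XML2BIN_VM              10
#define XML2BIN_RES             11

#define XML2BIN_STETYPES        12  /* shared tokens */
#define XML2BIN_CHWALLTYPES     13
#define XML2BIN_TYPE            14
#define XML2BIN_NAME            15
#define XML2BIN_TEXT            16
#define XML2BIN_COMMENT         17

/* type "data type" (currently 16bit) */
typedef u_int16_t type_t;

/*
 * List of known XML elements and their token equivalent.
 *
 * State constants and token positions must be in sync for correct state
 * recognition. Every entry is therefore indexed by its XML2BIN_*
 * constant instead of a repeated literal, so renumbering a state cannot
 * silently attach an element name to the wrong state bit.
 *
 * NOTE(review): this is a definition with external linkage inside a
 * header; including the header from a second translation unit gives a
 * duplicate definition of token[]. The entries point at string literals
 * and must not be written through.
 */
char *token[20] =                   /* parser triggers */
{
    /* policy xml */
    [XML2BIN_SECPOL]        = "SecurityPolicyDefinition",
    [XML2BIN_STE]           = "SimpleTypeEnforcement",
    [XML2BIN_CHWALL]        = "ChineseWall",
    [XML2BIN_CONFLICTSETS]  = "ConflictSets",
    [XML2BIN_CSTYPE]        = "Conflict",

    /* label-template xml */
    [XML2BIN_SECTEMPLATE]   = "SecurityLabelTemplate",
    [XML2BIN_POLICYHEADER]  = "PolicyHeader",
    [XML2BIN_LABELHEADER]   = "LabelHeader",
    [XML2BIN_SUBJECTS]      = "SubjectLabels",
    [XML2BIN_OBJECTS]       = "ObjectLabels",
    [XML2BIN_VM]            = "VirtualMachineLabel",
    [XML2BIN_RES]           = "ResourceLabel",

    /* common tags */
    [XML2BIN_STETYPES]      = "SimpleTypeEnforcementTypes",
    [XML2BIN_CHWALLTYPES]   = "ChineseWallTypes",
    [XML2BIN_TYPE]          = "Type",
    [XML2BIN_NAME]          = "Name",
    [XML2BIN_TEXT]          = "text",
    [XML2BIN_COMMENT]       = "comment",

    /* slot 18, as before; presumably the end-of-list marker */
    [XML2BIN_COMMENT + 1]   = NULL,
};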
/* important combined states */
#define XML2BIN_NULL 0  /* empty mask: no state bit set */

/*
 * Policy xml parsing states (suffix _S).
 *
 * Each mask ORs together the (1 << XML2BIN_*) bits of the elements that
 * make up one parsing context. E.g. XML2BIN_stetype_S stands for a
 * <secpol,ste,stetypes> environment, so when a type element is found
 * there we know where to put it.
 */
#define XML2BIN_stetype_S \
    ((1 << XML2BIN_SECPOL) | (1 << XML2BIN_STE) | (1 << XML2BIN_STETYPES))

#define XML2BIN_chwalltype_S \
    ((1 << XML2BIN_SECPOL) | (1 << XML2BIN_CHWALL) | (1 << XML2BIN_CHWALLTYPES))

#define XML2BIN_conflictset_S \
    ((1 << XML2BIN_SECPOL) | (1 << XML2BIN_CHWALL) | (1 << XML2BIN_CONFLICTSETS))

#define XML2BIN_conflictsettype_S \
    ((1 << XML2BIN_SECPOL) | (1 << XML2BIN_CHWALL) | \
     (1 << XML2BIN_CONFLICTSETS) | (1 << XML2BIN_CSTYPE))

/*
 * Label xml states: the same scheme for the label template, rooted at
 * the XML2BIN_SECTEMPLATE bit instead of XML2BIN_SECPOL.
 */
#define XML2BIN_VM_S \
    ((1 << XML2BIN_SECTEMPLATE) | (1 << XML2BIN_SUBJECTS) | (1 << XML2BIN_VM))

#define XML2BIN_RES_S \
    ((1 << XML2BIN_SECTEMPLATE) | (1 << XML2BIN_OBJECTS) | (1 << XML2BIN_RES))

#define XML2BIN_VM_STE_S \
    ((1 << XML2BIN_SECTEMPLATE) | (1 << XML2BIN_SUBJECTS) | \
     (1 << XML2BIN_VM) | (1 << XML2BIN_STETYPES))

#define XML2BIN_VM_CHWALL_S \
    ((1 << XML2BIN_SECTEMPLATE) | (1 << XML2BIN_SUBJECTS) | \
     (1 << XML2BIN_VM) | (1 << XML2BIN_CHWALLTYPES))

#define XML2BIN_RES_STE_S \
    ((1 << XML2BIN_SECTEMPLATE) | (1 << XML2BIN_OBJECTS) | \
     (1 << XML2BIN_RES) | (1 << XML2BIN_STETYPES))
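/*
 * Versions of the ACM headers against which the xml2bin translation
 * tool was written. One constant per binary policy structure the tool
 * emits.
 *
 * NOTE(review): the comparison with the current header versions is not
 * in this file. Confirm it fails the build (or aborts the tool) on a
 * mismatch, so a changed struct layout cannot silently yield a
 * mis-encoded binary policy.
 */

/* protects from unnoticed changes in struct acm_policy_buffer */
#define WRITTEN_AGAINST_ACM_POLICY_VERSION  1

/* protects from unnoticed changes in struct acm_chwall_policy_buffer */
#define WRITTEN_AGAINST_ACM_CHWALL_VERSION  1

/* protects from unnoticed changes in struct acm_ste_policy_buffer */
#define WRITTEN_AGAINST_ACM_STE_VERSION     1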